SEC.gov | Commission Web Security

This document is an HTML formatted version of a printed document. The printed document may contain agency comments, charts, photographs, appendices, footnotes and page numbers which may not be reproduced in this electronic version. If you require a printed version of this document contact the United States Securities and Exchange Commission, Office of Inspector General, Mail Stop 11-7, 450 Fifth Street N.W., Washington, D.C. 20549 or call (202) 942-4460.

COMMISSION WEB SECURITY
Audit No. 361
August 28, 2002

INTRODUCTION
The Securities and Exchange Commission (SEC), Office of Inspector General, performed an audit of the internal controls over the security of the SEC's public website (www.sec.gov). The primary goal of the audit was to evaluate the adequacy of security practices over the SEC public website. The scope of the work included an evaluation of system security practices, focused penetration testing of the public website, and port scanning.

SCOPE AND OBJECTIVES
The scope of our audit consisted primarily of interviewing SEC staff and reviewing supporting documentation, among other procedures, performed at SEC Headquarters and the SEC Operations Center. Our fieldwork was conducted during the period from July 22 through August 28, 2002.

The objectives for this website security audit were to determine whether the SEC had designed, implemented and monitored effective security controls over the information available on the public website and the access to that website. In addition, we determined whether the SEC Office of Information Technology's security plan followed industry best-practice guidelines.

AUDIT RESULTS
Based on our audit, we identified several non-material control weaknesses and provided recommendations for corrective action. We provided senior management with oral briefings on August 28, 2002 and September 24, 2002 on our findings and on our recommendations that management document certain control objectives and related controls over web-related procedures. Management concurred with the findings, and corrective actions are being implemented.